In the past year, Somerfield has reassessed its business processes by focusing on risk to reach a consensus about which processes were absolutely necessary.
"There were several processes and systems that were previously thought to be critical, but had nothing to do with getting beans on shelves and were therefore not that important," said Colin Clark, head of corporate business control at Somerfield.
"For the first time, Somerfield had full documentation of all its processes, who did them, and how important they were to the business," he said.
"Organisations need a BCP that can be done in the real world and can be kept up to date easily as part of its annual risk assessment," said Clark.
Somerfield started the process by working out exactly what it did as a business, deciding what it really needed to do to carry on doing business, and then finding ways to protect those truly critical processes.
Clark, who will be speaking at Business Continuity Expo in April, said that organisations can not have a BCP unless they understand what their businesses do.
"Few businesses outside individual work streams actually know what goes on within each function and how they interact unless they have done a corporate risk assessment," he said.